The attack disrupted some government services, most notably at airports last week, though automated machines were now functional, the communications ministry said on Monday.
Minister Budi Arie Setiadi said the attacker used a new variant of existing malicious software called Lockbit 3.0, without giving further details.
The Lockbit cybercrime group is notorious for using malicious software called ransomware to digitally extort its victims.
Ransom software works by encrypting victims' data. Hackers can offer a key in return for payments, typically to be made in cryptocurrency, that can run into the hundreds of thousands or even millions of dollars.
If the victim resists, hackers can then threaten to leak or delete confidential data in a bid to pressure the person or organisation.
Semuel Abrijani Pangerapan, an official at communications ministry, said digital forensics into investigation are underway and further details have yet to be found.