By Agence France-Presse
The virus "has devised a new method that was unexpected by government systems", Abdulaziz al-Ruwais, governor of the Commission for Communications and Information Technology, told Makkah newspaper.
He said that "some bodies had been affected" by the programme, and detailed measures which companies could take to try to protect their computer networks.
Local media reported early this week that Shamoon 2 hit the private sector and various government agencies including a division of the labour ministry.
Global security firm Symantec on Monday did not mention Saudi Arabia but said it was "currently investigating reports of yet another new attack in the Middle East involving the destructive disk-wiping malware used by the Shamoon group".
The company in December said Shamoon had been used in attacks against targets in Saudi Arabia.
Arab News reported at the time that the National Cyber Security Centre "detected destructive electronic strikes against several government agencies and vital establishments".
In August, state media reported cyberattacks against government institutions and vital installations they did not identify.
Shamoon was employed in strikes against the Saudi energy sector in 2012.
At that time, US intelligence officials said they suspected a link to the kingdom's regional rival Iran.
Ties between Riyadh and Tehran have worsened over the past year.