Report this to your manager and make it clear (using reports from cases, such as those ransomware cases) that you need to invest right away in security and a backup process you trust.
Absolute correct, be honest with downtime include worst and best cases, extend those to non IT-Matters and let your Manager take over the responsibility if nothing changes.
And this: https://www.usenix.org/system-administrators-code-ethics